XxX1
Background:
Know: engineID, engineBoots, engineTime, authentication, privacy, report message
Recognize: Engine discovery

The information you are going to need for every SNMP version 3 request, regardless of the security model used, is:
▪ Authoritative SNMP EngineID
▪ Authoritative SNMP EngineBoots
▪ Authoritative SNMP EngineTime
▪ Secret (user) name

The information above is the minimum required to construct a valid noAuthNoPriv (no authentication and no privacy) request.

Now let's figure out what needs to be done to build a basic noAuthNoPriv request. Before you can make requests, you need to have the SecretName (username) for the hosts you wish to query. Think of this as the equivalent of the SNMP community name in SNMP v1 and v2.

Security name is not enough. You will need authoritative agent engine information before you can make requests. To get this information, you will need to send a discovery request.

Engine discovery:
Discovery of the snmpEngineID is done by sending a Read Class protocol operation to retrieve the snmpEngineID scalar using the localEngineID defined above as a contextEngineID value.

Steps of Engine Discovery (RFC 5343):
1. Check whether a suitable contextEngineID value is already known. If yes, use the provided contextEngineID value and stop the discovery procedure.
2. Check whether the selected security model supports discovery of the remote snmpEngineID (e.g., USM with its discovery mechanism). If yes, let the security model perform the discovery. If the remote snmpEngineID value has been successfully determined, assign it to the contextEngineID and stop the discovery procedure.
3. Send a Read Class operation to the remote SNMP engine using the localEngineID value as the contextEngineID in order to retrieve the scalar snmpEngineID. If successful, set the contextEngineID to the retrieved value and stop the discovery procedure.
4. Return an error indication that a suitable contextEngineID could not be discovered.

Send Request with securityLevel noAuthNoPriv & no content

noAuthNoPriv is just a helper method that sets flags (in SnmpV3Packet.MsgFlags) for Authentication and Privacy to false and sets the SecurityName (or user name) to the value specified. Comparable methods are available for authNoPriv and authPriv security modes that make generation of appropriately secured packets as easy as possible.

Response will be a Report message containing the snmpEngineID

authFlag 1 & msgUserName

Response is another Report PDU indicating snmpEngineBoots and snmpEngineTime

See also
Corresponding TELE9752 lecture slide

References
1. http://www.snmpsharpnet.com/node/122
2. SNMP Context EngineID Discovery, 2009
3. RFC 5343: Simple Network Management Protocol (SNMP) Context EngineID Discovery
4. SNMP Version 3 Low Level Packet Class

Unsorted material from xxL3

Discovery process:
Prior to making any SNMP request from an SNMP engine, an empty SNMP version 3 packet is sent as a discovery packet. The SNMPv3 agent will respond with a REPORT message that will include SNMP engine ID, SNMP engine boots and SNMP engine time values that will be used in subsequent requests. Once the required information is retrieved from the SNMP engine in this manner, further requests can be made using authentication and privacy settings specific for the agent.
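
The discovery exchange described above, as an added Python example (not code from the original page or from SnmpSharpNet): it frames the empty noAuthNoPriv discovery request and reads the engine ID, boots and time out of a Report. The BER helpers, the function names and the Report's engine values are constructed for illustration, and nothing is sent on the network.

```python
def tlv(tag, body=b""):
    """BER-encode one TLV with a definite (short or long form) length."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def ber_int(v):
    """INTEGER for a non-negative value; the extra octet keeps the sign bit clear."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlvs(buf):
    """Decode back-to-back TLVs into (tag, body) pairs, rejecting truncation."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low bits give the number of length octets
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated TLV body")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def v3_message(msg_id, flags, pdu_tag, engine_id=b"", boots=0, time=0, user=b"", varbinds=b""):
    """SNMPv3 message using USM (security model 3) with empty auth/priv parameters."""
    header = tlv(0x30, ber_int(msg_id) + ber_int(65507) + tlv(0x04, bytes([flags])) + ber_int(3))
    usm = tlv(0x30, tlv(0x04, engine_id) + ber_int(boots) + ber_int(time)
              + tlv(0x04, user) + tlv(0x04) + tlv(0x04))
    pdu = tlv(pdu_tag, ber_int(msg_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbinds))
    scoped = tlv(0x30, tlv(0x04, engine_id) + tlv(0x04) + pdu)  # contextEngineID, contextName, PDU
    return tlv(0x30, ber_int(3) + header + tlv(0x04, usm) + scoped)

def parse_usm(message):
    """Pull msgFlags and the USM engine fields out of a v3 message."""
    _version, header, sec_params, _scoped = read_tlvs(read_tlvs(message)[0][1])
    flags = read_tlvs(header[1])[2][1][0]
    eid, boots, time, user = read_tlvs(read_tlvs(sec_params[1])[0][1])[:4]
    return {"flags": flags, "engine_id": eid[1], "boots": int.from_bytes(boots[1], "big"),
            "time": int.from_bytes(time[1], "big"), "user": user[1]}

# Discovery request: reportable flag only (0x04), empty engine ID and user, GetRequest (0xA0).
DISCOVERY = v3_message(msg_id=1, flags=0x04, pdu_tag=0xA0)
# Constructed Report (0xA8) as an agent would return it; engine ID and counters are made up.
UNKNOWN_ENGINE_IDS = tlv(0x30, tlv(0x06, bytes.fromhex("2b060106030f01010400")) + tlv(0x41, b"\x01"))
REPORT = v3_message(1, 0x00, 0xA8, b"\x80\x00\x00\x00\x04lab-agent", 7, 123456, varbinds=UNKNOWN_ENGINE_IDS)
```

Because the agent returns these values before any authentication takes place, treat the engine ID, boots and time as visible to any host that can reach the agent, and restrict which hosts can reach it.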